John Oliver’s Attacks on the FCC

Nobody likes Sinclair Broadcasting. It’s a massive corporation that uses its resources to promote a political agenda, hiding behind the First Amendment. We want our news to be free of corporate influence and lobbyist pressure.

Very few people were unhappy about the collapse of the Sinclair/Tribune merger. Are we willing to apply the standards of criticism we’ve used on Sinclair to news outlets that promote points of view with which we agree, or do we give them a free pass?

Inspired by a Google Lobbyist

Net neutrality, like gene editing, is a complicated issue full of pros and cons. While Oliver at least paid lip service to the benefits of gene editing, he completely botched net neutrality by treating it as a black and white issue.

The net neutrality story was fed to an Oliver researcher by then-Google lobbyist Marvin Ammori. This isn’t speculation: the Wall Street Journal reported the Google connection, and Ammori bragged about it on his personal web site (in a story I can no longer find, sadly).

As we technologists have explained to Congress, net neutrality is overly restrictive. Proponents argue that it protects the Internet from manipulation, but this argument echoes the horror stories about gene editing leading to 40-foot wolves and the like.

Collaboration with Pressure Groups

We know Oliver’s researcher closely collaborated with Ammori on the first net neutrality segment, and we know most of its content was lifted from the web site of Free Press, a former employer of Ammori’s. We also know that Ammori acted as a go-between who made sure his fellow activists were ready to respond to the 2014 story with millions of FCC comments.

We’re less certain of the extent to which Oliver collaborated with pressure groups around the 2017 story that prompted something like 15 to 20 million pro-Title II comments to the FCC. But we know both segments of “Last Week Tonight” caused massive problems with the FCC’s Electronic Comments Filing System (ECFS).

Inspector General Fails to Find Ground Truth

There’s a public controversy about the way the FCC handled the stories of both the 2014 and 2017 ECFS meltdowns connected to Oliver. The FCC’s CIO during both incidents, David Bray, described them as “non-traditional DDoS attacks.” The FCC’s statements to Congress used this terminology. Some people have issues with this description, however.

The August 6, 2018 memo from Jay Keithly, the FCC’s Assistant Inspector General for Investigations, to his boss, Inspector General David Hunt, explains the nature of the traditional DDoS attack in a footnote:

A denial-of-service attack (DoS) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled. In a distributed denial-of-service attack (DDoS), the incoming traffic flooding the victim originates from many different sources. This effectively makes it impossible to stop the attack simply by blocking a single source.

He says the FCC’s description of the attacks on its systems is inaccurate because it did not appear, in his analysis, to conform to the traditional mold. Yet the FCC didn’t claim it was a classical DDoS attack.

Keithly’s Hair-Splitting Analysis

Keithly prefers to describe the attack triggered by the Oliver show in different terms than those used by the FCC:

The degradation of ECFS system availability was likely the result of a combination of: (1) “flash crowd” activity resulting from the Last Week Tonight with John Oliver episode that aired on May 7, 2017 through the links provided by that program for filing comments in the proceeding; and (2) high volume traffic resulting from system design issues.

Keithly’s claim that the attack was caused by a “flash crowd” (BTW, “flash mob” is more traditional) triggered by the Oliver show and not a “non-traditional DDoS attack” is simply a legalistic word game. The attack started four minutes into the Oliver show, and continued at a high level for several days.

Keithly goes to great pains to claim that the attack didn’t start until the Oliver show was over, but his charts and his analysis actually show it starting four minutes into Oliver’s 30-minute-long show.

How John Oliver Attacked the FCC’s Website

The attack was characterized by a large number of accesses to an API inside ECFS that’s not a normal target for human interaction, ecfsapi.fcc.gov. This API was targeted by the lovely “gofccyourself.com” domain registered by the very hilarious comedian: when a user typed the domain into a browser, Oliver’s system created a hit on the FCC’s API.

Due to an unfortunate design decision made some years ago, external accesses to the ecfsapi.fcc.gov API impose a lot of load on the website. So a person seeking to sap the FCC’s server of system resources – to make it slow down drastically and even crash – could not do better than direct a portion of Oliver’s 11.5-million-person audience (6.5M on TV, another 5M on YouTube) to the system’s weakest link.

Keithly’s claim that the API creates “high volume traffic” all by itself is false. The design of the API is such that it consumes system resources, but it doesn’t create traffic. Oliver’s viewers created the traffic at his behest, and Oliver’s domain redirection ensured it hit the FCC where it hurt the most.

Was There any Coordination?

It’s also likely that the same kind of coordination with activist groups that Oliver’s staff engaged in during the 2014 attack took place again in 2017. There’s no evidence that it did or didn’t, because no one has looked into the matter.

But his staff reached out to the FCC nearly a week before the show aired and has a history of coordination, so it’s hard to see why “Last Week Tonight” wouldn’t coordinate, if for no reason other than ratings. But I speculate.

It seems to me that the best way to ensure a system failure would be to combine attacks by the Oliver audience with attacks by the groups Oliver has called upon to go after the FCC: the angriest and meanest people on the whole Internet.

He pulled a similar stunt at the end of the 2017 broadcast, again closing with the line “fly my pretties, fly once more”. And the time-wasters to whom he appealed did as they were told, filing comments in support of Title II with no apparent appreciation for what the term means. This looks like a non-traditional denial of service attack to me.

Political Slander as a Business Model

The stunts worked well for Oliver, helping him build his audience from 1.1M in his premiere episode to eye-popping levels today:

Oliver finally took on Trump on Feb. 28, 2016, in a 21-minute segment that has garnered more than 33 million views and topped what had been the series’ highest ratings, both on TV and online. The segment explored the reasons Trump appealed to Americans and promptly debunked each one. On March 1, it had 10.4 million engagements, and on March 2, almost 7.5 million engagements. The episode totaled approximately six million views between video-on-demand and DVR plays. As of March 30, the episode had 62 million views on Facebook and another 23.3 million on YouTube.

Oliver’s most overtly nasty political episodes draw the most eyeballs. He’s learned a lot from his activist friends.

The FCC Didn’t Handle This Very Well

OK, so John Oliver is just looking to get his numbers up and he’s found that political showboating is his best move. He could run for Congress and win with this knowledge. But that doesn’t mean the FCC handled the incident all that well.

In this political environment, every press statement is going to be as carefully parsed as “that depends on what the meaning of the word ‘is’ is.” The FCC could have done more to prepare for the attack, to analyze it carefully, and to be excruciatingly detailed in its explanations.

Instead of letting politicians convert its analysis of a “non-traditional DDoS attack” into a traditional one, it could have clarified that it meant that the ECFS servers were overwhelmed by a combination of direct attacks from Oliver’s audience to the API with bulk filings by activist groups. It said this, but it seems to have been lost in the noise.

Going forward, the FCC would do well to raise its IT game. The IG’s report shows that the agency’s log analysis tools are very rudimentary, its system design chops aren’t up to snuff, and it relies too heavily on contractors. The entire episode is still shrouded in a fog of war and the analysis of the May 2017 events is still incomplete.

Why None of This Really Matters

Having gone down the rat hole of what really happened on May 7, 2017 and what the correct terminology is, it’s time to pop back up to the surface to point out that none of this really matters. The FCC is required to take public comment and to analyze that comment for well-reasoned arguments that pertain to the questions asked in its NPRM.

It is not required to count noses or to verify that each profane screed it receives comes from a legitimate, qualified voter. It doesn’t matter that some comments opposed to Title II were signed with activist names or that five or 10 pro-Title II comments had my name on them.

There is ample evidence that the FCC gave proper consideration to the useful and relevant legal, economic, and technical comments offered in the proceeding. The fact that John Oliver’s audience is angry or that its size is large isn’t relevant, and it’s not even news.

The activists failed to express their feelings in a way that moves the ball forward, and for that reason they deserve to be ignored. The story is still a flop and the bloggers who are trolling it are still not helping.